5e8b9bda1bb1c9e65ce0fe488933ca21a2164bcaeda45b953dae81587795cdb1

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 20:21

Target

576945d4397452a5aaaebe6927edf064.dll
Size

60KB
MD5

576945d4397452a5aaaebe6927edf064
SHA1

0d36e23a4cdb3088fc68256d51d70338a772f152
SHA256

5e8b9bda1bb1c9e65ce0fe488933ca21a2164bcaeda45b953dae81587795cdb1
SHA512

c7b97e88785f9d463e7970edcd7699a4fdb6240c2fb88135b304d3230fc0374ff9310ef659f94e1715f0e40fa6075f134605ac9192559021ca24bcbe98e1bc47
SSDEEP

768:z0lkRiVhVZLwOuLP5X7XVA45P1sxvXogo6NC0lmGkMzuPuctSmngMRaRI3lPQvbo:z0KROx4LBy45NodoyC0lmiuHtMMU7a

Score

4^/10

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Internet Explorer\wsock32.dll	rundll32.exe
File created	C:\Program Files (x86)\Internet Explorer\wsock32.dll	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2644	1076	rundll32.exe	28
PID 1076 wrote to memory of 2644	1076	rundll32.exe	28
PID 1076 wrote to memory of 2644	1076	rundll32.exe	28
PID 1076 wrote to memory of 2644	1076	rundll32.exe	28
PID 1076 wrote to memory of 2644	1076	rundll32.exe	28
PID 1076 wrote to memory of 2644	1076	rundll32.exe	28
PID 1076 wrote to memory of 2644	1076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\576945d4397452a5aaaebe6927edf064.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\576945d4397452a5aaaebe6927edf064.dll,#1
  2⤵
  - Drops file in Program Files directory
  PID:2644